CCPA

California Consumer Privacy Act

California’s CCPA, in effect since January 2020, increases business responsibility for protecting personal data.

What is the CCPA and when does it apply?

Illustration Data Protection CCPA

The CCPA (California Consumer Privacy Act) strengthens the protection of personal data for California residents. It gives consumers the right to know what data is being collected, to request its deletion, to opt out of the sale or sharing of their data (including via the Global Privacy Control), and to be protected against any discrimination for exercising these rights.

Illustration Application Law CCPA

The CCPA, adopted in 2018, came into effect on January 1, 2020. It applies to for-profit companies that collect personal data from California residents and meet certain revenue or data volume thresholds.

Illustration affected by the law and penalties

Who is affected by this California law and what are the penalties for non-compliance?

The CCPA targets for-profit companies that generate more than $25 million in annual revenue, process the personal data of 100,000 or more California residents, or earn at least 50% of their annual income from selling that data. Unlike the GDPR (General Data Protection Regulation), which applies broadly to all organizations processing EU citizen data, the CCPA generally excludes small businesses and non-profit organizations that do not meet these thresholds. Companies based outside California may still fall under the law if they meet the criteria mentioned above.

In case of non-compliance, a business can be fined $2,500 per unintentional violation and up to $7,500 per intentional violation. Consumers may also claim up to $750 per incident if a data breach occurs due to a lack of reasonable security measures. Companies have 30 days to correct the issue once notified, or they may face legal action. In cases of multiple violations, fines can quickly add up to significant amounts.

How can you comply with the CCPA?

Here are the key steps to ensure your company complies with the CCPA and protects the personal information of California consumers:

Picto Update Private Policy

1. Update your privacy policy
 It should be clear, accessible, and accurately reflect the data collected, its use, and consumer rights.

Picto Map Data

2. Map your data
Identify what personal data is collected, where it comes from, how it’s used, and with whom it is shared.

Picto inform Consumers

3. Inform consumers
Be transparent at the time of data collection about what is being collected and why.

Picto Enable rights management

4. Enable rights management
Set up simple processes to handle requests for data access, deletion, or opting out of data sales.

Picto Train Staff

5. Train your staff
Raise awareness among teams about CCPA obligations and best practices for data handling.

6. Strengthen data security
Use appropriate measures such as encryption, secure access, and regular audits to protect personal data.

7. Maintain up-to-date documentation
Keep records of your compliance efforts to demonstrate accountability in case of audits or legal inquiries.

Anonymize your data with DOT Anonymizer !

Illustration protection of personal data

How can I protect citizens’ personal information?

To protect citizens’ personal information, particularly under the CCPA, companies must take concrete actions to ensure data confidentiality, security, and responsible management. This includes informing consumers about the data collected, allowing them to access it, delete it on request, and opt out of its sale.

One of the most effective ways to meet these obligations is through data anonymization, especially when data is no longer needed for operational purposes. DOT Anonymizer helps meet these requirements by providing secure and automated data masking—reinforcing compliance with the CCPA.